Screenly has announced its participation in the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design initiative, becoming the first digital signage company to do so. This initiative encourages the incorporation of cybersecurity features during the development of digital products, rather than adding them as afterthoughts. The goal is to mitigate vulnerabilities from the outset, enhancing the security of digital systems.
Introduction to “Secure by Design”
The “Secure by Design” initiative, led by CISA, underscores the importance of incorporating security features during the initial design and development stages. This approach is increasingly crucial in today’s digital landscape, where cyber threats are both sophisticated and prevalent. The initiative also involves collaboration with international cybersecurity agencies from countries including Australia, Canada, New Zealand, Singapore, the Czech Republic, Germany, Israel, Japan, South Korea, the Netherlands, Norway, and the United Kingdom.
Key Commitments by Screenly
Screenly’s involvement in the “Secure by Design” initiative encompasses several key practices designed to bolster the security of their digital signage solutions:
- Elimination of Default Passwords: To minimize the risk of unauthorized access, Screenly has removed default passwords from their devices. This critical measure addresses a common vulnerability in digital systems, providing a stronger security foundation.
- User Education and Field Testing: Screenly is dedicated to educating customers on the security features of their products. By conducting field tests, they assess how users interact with these features in real-world scenarios and provide guidance on best practices, helping users safeguard their systems.
- Streamlined Hardening Guides: The company offers simplified hardening guides, making it easier for users to implement necessary security measures. These guides provide clear, actionable steps to enhance overall system security.
- Management of Legacy Features and End-of-Life Notifications: Screenly actively manages the lifecycle of their products, offering clear notifications and support for devices nearing the end of their operational life. This prevents the continued use of potentially vulnerable outdated technology.
- Attention-Grabbing Security Alerts: Screenly employs in-app notifications and user interface enhancements to promote secure practices, such as enabling multi-factor authentication (MFA) and Single Sign-On (SSO).
Screenly follows a strict Secure Software Development Lifecycle (SDLC), which includes practices such as code reviews, signed commits, and the use of automated CI/CD pipelines. The company places a strong emphasis on vulnerability management, leveraging tools like Dependabot and SonarCloud. Additionally, Screenly is adopting Software Bills of Materials (SBOMs) to improve transparency and security within their software supply chain.
Screenly is adopting a Zero Trust Architecture (ZTA), ensuring that all system access is strictly verified and authenticated. This includes secure communication protocols for devices and mandatory MFA for internal systems.
Furthermore, Screenly prioritizes customer support and transparency by providing security-related logs at no additional charge and ensuring that their devices receive automatic over-the-air updates. Automatic updating eliminates the need for manual updates, helping to maintain a secure and up-to-date operating environment.
Screenly’s involvement in the “Secure by Design” initiative introduces a new benchmark in the digital signage industry, underlining the importance of cybersecurity. As digital signage systems become more integrated into business operations, ensuring their security becomes increasingly important. Screenly’s proactive steps aim to enhance the security of its products and encourage other companies to consider cybersecurity in their product development processes.
For more detailed information on Screenly’s “Secure by Design” initiatives, visit https://www.screenly.io/blog/2024/07/31/cisa-secure-by-design/
CISA Secure by Design Pledge: https://www.cisa.gov/resources-tools/resources/cisa-secure-design-pledge